This listing of claims will replace all prior versions and listings of claims in the application.
Listing of Claims: 

Claim 1 (Currently Amended): A method for controlling access to a resource of a device, 
the method comprising: 

storing, within a device, authorization data that defines at least one class of clients that 
access the device, wherein the authorization data defines for each class of clients: (i) an access 
control attribute that specifies coarse-grain access control rights for members of the class to
configuration data for a resource provided by the device, and (ii) an associated regular expression
specifying a textual pattern that specifies fine-grain access control rights for the members of the
class to only a portion of the configuration data for the resource provided by the device, and
further wherein the access control attribute is a coarse-grain access control attribute defining
access control rights for members of the class to a resource provided by the device;

receiving, with the device, a command from a client, wherein the command requests 
access to the portion of the configuration data for the resource of the device;

identifying the class of which the client is a member; 

retrieving, from the authorization data, both the access control attribute and the regular
expression for the identified class of which the client is a member; 

evaluating the command using the retrieved regular expression to determine whether the 
command matches the textual pattern specified by the retrieved regular expression; and 

controlling access to the portion of the configuration data requested by the client based on
both: (i) the coarse-grain access control rights to the configuration data of the resource specified
by the access control attribute for the identified class of which the client is a member, and (ii) the
evaluation of the regular expression for that class.

Claim 2 (Previously Presented): The method of claim 1, wherein controlling access
comprises allowing access to the configuration data when the access control attribute denies 
access to the resource and the textual pattern of the regular expression matches the command. 

Claim 3 (Previously Presented): The method of claim 1, wherein controlling access
comprises denying access to the configuration data when the access control attribute grants 
access to the resource and the textual pattern of the regular expression matches the command. 

Claim 4 (Original): The method of claim 1, wherein storing authorization data comprises
storing the authorization data as an authorization class that conforms to a class syntax. 

Claim 5 (Cancelled). 

Claim 6 (Previously Presented): The method of claim 1, wherein the coarse-grain access
control attribute comprises a set of permission bits, and each of the permission bits is associated 
with a respective group of the resources within the network device. 

Claim 7 (Previously Presented): The method of claim 1, further comprising receiving the
command from the client via a command line interface. 

Claim 8 (Original): The method of claim 7, wherein evaluating the command comprises 
evaluating the command in real-time while the client inputs the command via the command line 
interface. 

Claim 9 (Currently Amended): The method of claim 1,
A method comprising:

storing, within a device, configuration data for one or more resources provided by the
device, wherein the configuration data is arranged in the form of a multi-level configuration
hierarchy having a plurality of higher-level objects and a plurality of lower-level objects, and
each of the higher-level objects represents a portion of the configuration data that relates to one
or more a respective one of the resources of the device;

storing, within the device, authorization data that defines at least one class of clients that
access the device, wherein the authorization data defines for each class of clients: (i) an access
control attribute that specifies coarse-grain access control rights for members of the class to the
configuration data for the resource, and (ii) an associated regular expression specifying a textual
pattern that specifies fine-grain access control rights for the members of the class to only a
portion of the configuration data for the resource;

receiving, with the device, a command from a client wherein the command requests 
access to one or more of the lower-level objects of the configuration data for a particular one the 
resources of the device;

identifying the class of which the client is a member;

retrieving, from the authorization data, both the access control attribute and the regular
expression for the identified class of which the client is a member;

evaluating the command using the retrieved regular expression to determine whether the
command matches the textual pattern specified by the retrieved regular expression; and

controlling access to the one or more lower-level objects of the configuration data
requested by the client based on both: (i) the coarse-grain access control rights for the higher-
level object of the configuration data for the re nted resource as specified by the access control
attribute for the identified class of which the client is a member, and (ii) the evaluation of the
regular expression for that class with respect to the requested one or more lower-level objects of
the resource.

Claim 10 (Original): The method of claim 9, wherein the objects have respective textual labels
and the regular expression defines the textual pattern to match the textual labels of a set of one or 
more of the objects within the configuration hierarchy. 

Claim 11 (Original): The method of claim 10, wherein evaluating the command comprises
applying the regular expression to the command to determine whether the command specifies any 
of the objects within the set. 

Claim 12 (Original): The method of claim 9, further comprising pre-processing the regular 
expression to automatically insert one or more meta-characters into the regular expression based
on the hierarchical arrangement of the configuration data. 

Claim 13 (Previously Presented): The method of claim 9, further comprising pre-processing 
the regular expression so that the command is evaluated with the regular expression in real-time
as the client enters the command. 

Claim 14 (Original): The method of claim 13, wherein evaluating the command comprises
evaluating the command with the pre-processed regular expression each time the client enters a 
token indicating a textual break within the command. 

Claim 15 (Original): The method of claim 1, wherein controlling access comprises controlling
access to configuration data of a router. 

Claims 16-18 (Cancelled) 

Claim 19 (Currently Amended): A method comprising:

receiving input defining at least one class of clients that access a device, wherein the
input defines for each class of clients an access control attribute and an associated regular
expression that specifies a textual pattern, and further wherein the access control attribute is a
coarse-grain access control attribute defining access control rights for members of the class to a
resource provided by the device and the regular expression defines fine-grain access control
rights for members of the class to a portion of the resource provided by the device;

pre-processing the regular expression for each class of clients to automatically insert one
or more metacharacters into the regular expression;

receiving an access request from a client;

identifying the class of which the client is a member;

retrieving the access control attribute and the regular expression for the identified class of
which the client is a member;

evaluating a command in real-time using the regular expression for the identified class of
which the client is a member as the client enters the command via a command line interface; and

controlling access to configuration data of a device based on the evaluation.

Claim 20 (Original): The method of claim 19, further comprising storing the configuration data
in the form of a multi-level configuration hierarchy having a plurality of objects, wherein pre-
processing the regular expression comprises automatically inserting one or more meta-characters
into the regular expression based on the hierarchical arrangement of the configuration data.

Claim 21 (Original): The method of claim 19, the regular expression defines a textual pattern
that identifies one or more of the objects within the configuration hierarchy, and evaluating the
command comprises:

applying the regular expression in real-time to determine whether a portion of the
command that has been entered by the client matches the textual pattern; and

selectively allowing the client to complete the command based on the determination.

Claim 22 (Currently Amended): A computer-readable medium comprising instructions for
causing a programmable processor to:

store, within a device, authorization data that defines at least one class of clients that
access the device, wherein the authorization data defines for each class of clients an access
control attribute and an associated regular expression defining a textual pattern, and further
wherein the access control attribute is a coarse-grain access control attribute defining access
control rights for to a resource[[s]] provided by [[a]]the device and the regular expression defines
fine-grain access control rights for members of the class to a portion of the resource provided by
the device;

receive, with the device, the command from a client, wherein the command requests
access to configuration data of the device; 

identify the class of which the client is a member; 

retrieve, from the authorization data, the access control attribute and the regular 
expression for the identified class of which the client is a member; 

evaluate the command using the retrieved regular expression to determine whether the 
command matches the textual pattern specified by the retrieved regular expression; and 

control access to the configuration data by the client based on the coarse-grain access 
control attribute for the identified class of which the client is a member and the evaluation of the 
regular expression for that class. 

Claim 23 (Original): The computer-readable medium of claim 22, further comprising 
instructions to cause the programmable processor to allow access to the configuration data when 
the textual pattern of the regular expression matches the command. 

Claim 24 (Original): The computer-readable medium of claim 22, further comprising 
instructions to cause the programmable processor to deny access to the configuration data when 
the textual pattern of the regular expression matches the command. 

Claim 25 (Cancelled). 

Claim 26 (Previously Presented): The computer-readable medium of claim 22, wherein the
coarse-grain access control attribute comprises a set of permission bits, and each of the
permission bits is associated with a respective group of the resources.

Claim 27 (Previously Presented): The computer-readable medium of claim 22, further
comprising instructions to cause the programmable processor to receive the command from the
client via a command line interface.

Claim 28 (Original): The computer-readable medium of claim 27, further comprising 
instructions to cause the programmable processor to evaluate the command in real-time while the 
client inputs the command via the command line interface. 

Claim 29 (Original): The computer-readable medium of claim 22, wherein the configuration 
data is arranged in the form of a multi-level configuration hierarchy having a plurality of objects, 
and each of the objects represents a portion of the configuration data that relates to one or more 
resources of the device. 

Claim 30 (Original): The computer-readable medium of claim 29, wherein the objects have 
respective textual labels and the regular expression defines the textual pattern to match the 
textual labels of a set of one or more of the objects within the configuration hierarchy. 

Claim 31 (Original): The computer-readable medium of claim 30, wherein further comprising
instructions to cause the programmable processor to apply the regular expression to the command 
to determine whether the command specifies any of the objects within the set. 

Claim 32 (Original): The computer-readable medium of claim 29, further comprising 
instructions to cause the programmable processor to pre-process the regular expression to 
automatically insert one or more meta-characters into the regular expression based on the 
hierarchical arrangement of the configuration data. 

Claim 33 (Original): The computer-readable medium of claim 29, further comprising
instructions to cause the programmable processor to receive the command from a client via a 
command line interface, and pre-process the regular expression so that the command is evaluated 
with the regular expression in real-time as the client enters the command. 

Claim 34 (Original): The computer-readable medium of claim 33, further comprising 
instructions to cause the programmable processor to evaluate the command with the pre- 
processed regular expression each time the client enters a token indicating a textual break within 
the command. 

Claim 35 (Original): The computer-readable medium of claim 22, further comprising 
instructions to cause the programmable processor to control access to configuration data of a 
router. 

Claims 36-55 (Cancelled). 

Claim 56 (Previously Presented): The method of claim 1, wherein a resource is at least one of 
a present configuration of the device, policies and relationships with other devices, a 
configuration of an interface card of the device, a parameter for network protocols supported by 
the device, a specification for a physical component within the device, information maintained by 
the device, a software module executing on the device, device chassis inventory, device system 
parameters, routing policies, forwarding options, network flow statistics, error logs, user 
information, or performance metrics. 
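
Added illustration, not part of the claim listing or the application: a minimal sketch of the decision recited in claims 1 to 3 and 6, where a class's permission bits give the coarse-grain result and an allow or deny regular expression overrides it for a matching command. The class names, clients, commands, bit assignments, whole-command anchoring, whitespace normalization and deny-before-allow ordering are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from enum import IntFlag
from typing import Optional

class Perm(IntFlag):
    """Coarse-grain permission bits, one per resource group (constructed)."""
    INTERFACES = 1
    PROTOCOLS = 2
    SYSTEM = 4

@dataclass(frozen=True)
class AuthClass:
    permissions: Perm            # coarse-grain access control attribute
    allow: Optional[str] = None  # regex granting a command the bits deny (claim 2)
    deny: Optional[str] = None   # regex denying a command the bits grant (claim 3)

# Constructed authorization data and class membership.
CLASSES = {
    "operators": AuthClass(Perm.INTERFACES, deny=r"set interfaces \S+ disable"),
    "noc": AuthClass(Perm(0), allow=r"show system uptime"),
}
MEMBERSHIP = {"alice": "operators", "bob": "noc"}
# Top-level configuration object named by the command -> permission bit.
GROUP_BIT = {"interfaces": Perm.INTERFACES,
             "protocols": Perm.PROTOCOLS,
             "system": Perm.SYSTEM}

def authorize(client: str, command: str) -> bool:
    """Return True if the client's class may run the command."""
    cls = CLASSES.get(MEMBERSHIP.get(client, ""))
    tokens = command.split()
    # Fail closed on unknown clients and commands naming no known resource.
    if cls is None or len(tokens) < 2 or tokens[1] not in GROUP_BIT:
        return False
    # Collapse whitespace so extra spaces cannot slip past a deny pattern.
    normalized = " ".join(tokens)
    # fullmatch anchors the pattern to the whole command (assumption): an
    # unanchored search would let an allowed prefix carry trailing text.
    if cls.deny and re.fullmatch(cls.deny, normalized):
        return False
    if cls.allow and re.fullmatch(cls.allow, normalized):
        return True
    # No pattern matched: the permission bits alone decide.
    return bool(cls.permissions & GROUP_BIT[tokens[1]])
```
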